There is one more new possible NULL pointer dereference in libksba (with similar ones for the LONG and MEM types):
1. libksba-1.5.1/src/asn1-func.c:169:29: warning[-Wanalyzer-null-dereference]: dereference of NULL 'value'
13. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
15. libksba-1.5.1/src/asn1-func.c:185:3: note: in expansion of macro 'return_if_fail'
21. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
23. libksba-1.5.1/src/asn1-func.c:130:3: note: in expansion of macro 'return_if_fail'
29. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
31. libksba-1.5.1/src/asn1-func.c:168:7: note: in expansion of macro 'return_if_fail'
# 167|       case VALTYPE_ULONG:
# 168|         return_if_fail (sizeof (unsigned long) == len);
# 169|->       node->value.v_ulong = *(unsigned long *)value;
# 170|         break;
# 171|
It should be fixed with a simple check for NULL, especially since the comment above the function says:
[...] With VALUE of NULL or LEN of 0 the value field is deleted
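An added example, not libksba's code and not part of the report: a minimal setter that honors the quoted contract by handling the NULL/zero-length "delete" case before any branch dereferences `value`. The struct layout, `clear_value`, `set_value` and the return codes are hypothetical stand-ins; only the `VALTYPE_ULONG` name and the `v_ulong` field come from the analyzer output.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the node and value types named in the report. */
enum valtype { VALTYPE_NULL = 0, VALTYPE_ULONG, VALTYPE_MEM };

struct node {
    enum valtype valuetype;
    union {
        unsigned long v_ulong;
        struct { size_t len; unsigned char *buf; } v_mem;
    } value;
};

/* Release whatever the value field currently holds. */
static void clear_value(struct node *n)
{
    if (n->valuetype == VALTYPE_MEM)
        free(n->value.v_mem.buf);
    memset(&n->value, 0, sizeof n->value);
    n->valuetype = VALTYPE_NULL;
}

/* Returns 0 on success, -1 on bad arguments or allocation failure.
   A NULL value or a zero len deletes the field, as the quoted comment says. */
int set_value(struct node *n, enum valtype vt, const void *value, size_t len)
{
    if (!n)
        return -1;
    clear_value(n);
    if (!value || !len)   /* documented delete case: stop before any dereference */
        return 0;
    switch (vt) {
    case VALTYPE_ULONG:
        if (len != sizeof(unsigned long))
            return -1;    /* a matching length alone says nothing about value */
        memcpy(&n->value.v_ulong, value, sizeof(unsigned long));
        break;
    case VALTYPE_MEM:
        if (!(n->value.v_mem.buf = malloc(len)))
            return -1;
        memcpy(n->value.v_mem.buf, value, len);
        n->value.v_mem.len = len;
        break;
    default:
        return -1;
    }
    n->valuetype = vt;
    return 0;
}
```

The case the analyzer flags is a NULL `value` passed with `len == sizeof (unsigned long)`: the length check passes, so only the earlier NULL test prevents the dereference.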